How to install and access CentOS remote desktop on VPS

Step One: Install CentOS Desktop

If an available CentOS image is a minimal version of CentOS without desktop, you will need to install desktop (e.g., GNOME) on your CentOS VPS before proceeding. For example, DigitalOcean's CentOS image is such a minimal version, which requires desktop GUI installation as follows.

# yum groupinstall "GNOME Desktop"

Reboot a VPS after finishing installation.

Step Two: Install and Configure VNC Server

The next step is to install and configure VNC server. We are going to use TigerVNC, an open-source VNC server implementation.

# yum install tigervnc-server

Now create a user account (e.g., xmodulo) which will be used to access remote desktop.

# useradd xmodulo

# passwd xmodulo

When a user tries to access remote desktop using VNC, a dedicated VNC server daemon will be launched to handle its requests. This means that you will need to create a separate VNC server configuration for each user.

CentOS 7 relies on systemd to manage and configure system services. So we are going to configure VNC server for xmodulo user using systemd.

Let's first check the status of VNC server by running either command below:

# systemctl status vncserver@:.service

# systemctl is-enabled vncserver@.service

By default, freshly installed VNC service is not active (disabled).

Now create a VNC service configuration for xmodulo user by copying a generic VNC service unit file as follows.

# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

Open the configuration file with a text editor, and replace <USER> with an actual user name (e.g.,xmodulo) under [Service] section. Also, append "-geometry <resolution>" parameter in ExecStart. In the end, the following two lines with bold font will be modified.

# vi /etc/systemd/system/vncserver@:1.service

[Service] Type=forking # Clean any existing files in /tmp/.X11-unix environment ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=/sbin/runuser -l xmodulo -c "/usr/bin/vncserver %i -geometry 1024x768" PIDFile=/home/xmodulo/.vnc/%H%i.pid ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

Now set up (optional) VNC password for xmodulo user for security. For this, switch to the user, and runvncserver command.

# su - xmodulo

# vncserver

You will be prompted to enter a VNC password for the user. Once the password is set, you will need to use this password to gain access to remote desktop.

Finally, reload services to activate the new VNC configuration:

# systemctl daemon-reload

and enable VNC service to make it start automatically upon boot:

# systemctl enable vncserver@:1.service

Check the port number that a VNC server is listening on by running:

# netstat -tulpn | grep vnc

Port 5901 is the default port number for VNC client to connect to a VNC server.

Step Three: Connect to Remote Desktop over SSH

By design, Remote Frame Buffer (RFB) protocol used by VNC is not a secure protocol. Thus it is not a good idea to directly connect to a remote VNC server running on VPS using a VNC client. Any sensitive information such as password could easily be leaked from VNC traffic. So instead, I strongly recommend that you tunnel VNC traffic over a secure SSH tunnel, as described here.

On a local host where you want to run VNC client, create an SSH tunnel to a remote VPS using the following command. When prompted for SSH password, type the password of the user.

$ ssh xmodulo@<VPS-IP-address> -L 5901:127.0.0.1:5901

Replace "xmodulo" with your own VNC user, and fill in the IP address of your VPS instance.

Once an SSH tunnel is established, remote VNC traffic will be routed over the SSH tunnel, and be sent to 127.0.0.1:5901.

Now go ahead and launch your favorite VNC client (e.g., vinagre), and connect to 127.0.0.1:5901.

You will be asked to enter a VNC password. When you type a correct VNC password, you will finally be able to CentOS remote desktop on VPS securely.